Subj : Microsoft Defender flaws attacked to spread dangerous malware To : All From : TechnologyDaily Date : Wed Jul 24 2024 17:15:05 Microsoft Defender flaws attacked to spread dangerous malware Date: Wed, 24 Jul 2024 16:08:13 +0000 Description: SmartScreen flaw affected Microsoft Defender users across the world, and is still being exploited despite a patch. FULL STORY ====================================================================== Cybercriminals are persistently looking to try and exploit a vulnerability in Microsoft Defender SmartScreen to deliver all kinds of malware and infostealers. FortiGuard Labs has reported observing a new campaign targeting victims in Spain, Thailand, and the US looking to drop ARC Stealer, Lumma, and Meduza. The flaw allows the attackers to bypass Windows Defender SmartScreen, a security feature integrated into Windows operating systems and designed to protect users from online threats. Lumma and Meduza Stealer "Initially, attackers lure victims into clicking a crafted link to a URL file designed to download an LNK file," the researchers explained. "The LNK file then downloads an executable file containing an [HTML Application] script." The vulnerability that keeps getting exploited is tracked as CVE-2024-21412. It has a severity score of 8.1, and researchers have been warning of it since mid-February this year. Back then, experts from Trend Micro said they saw a threat actor called Water Hydra (DarkCasino) abusing the then-zero-day, to target crypto traders, on New Years Eve. "We concluded that calling a shortcut within another shortcut was sufficient to evade SmartScreen, which failed to properly apply Mark-of-the-Web (MotW), a critical Windows component that alerts users when opening or running files from an untrusted source, Trend Micros experts said at the time. In early July 2024, researchers from Cyble also issued a warning that the flaw was used to deploy malware, and urged users to apply a fix immediately, as Microsoft had patched the flaw on February 13 2024. While originally, the flaw was used to drop the DarkGate commodity loader, in the new campaigns, the crooks opted for ARC Stealer, Lumma, and Meduza. All are relatively popular infostealers, capable of grabbing sensitive files, login credentials, cryptocurrency wallet data, screenshots, and more. Via The Hacker News More from TechRadar Pro Microsoft SmartScreen vulnerability can be abused to deploy malware, and its happening in the wild Here's a list of the best firewalls around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/microsoft-defender-flaws-attacked-to-sp read-dangerous-malware --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .